[3454] in cryptography@c2.net mail archive
Re: IP: State Govt Will Use Datakey Smart Cards
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Mon Oct 12 20:07:31 1998
From: "Enzo Michelangeli" <em@who.net>
To: <cryptography@c2.net>
Date: Tue, 13 Oct 1998 07:40:14 +0800
-----Original Message-----
From: Marc Horowitz <marc@cygnus.com>
Date: Tuesday, October 13, 1998 6:15 AM
Subject: Re: IP: State Govt Will Use Datakey Smart Cards
>Then users need to decide if they trust the people who can do the
>audits. Even if they are trustworthy, how do you know that the software
>they audited is the same software you're running?
I prefer to have hundreds of potential whistle-blowers rather than few,
albeit very smart, auditors: the latter may overlook vital details (do you
remember the Clipper fiasco?) or even be coerced/corrupted into giving
thumbs up. And anyway, the code could be digitally signed, or supplied on
open source basis, or both.
> And even if you do,
>software runs on hardware, which brings us back to square one.
Actually here when we say "hardware" we mean "opaque special-purpose
devices". Inserting backdoors in standard, off-the-shelf computers is going
to be a great deal more difficult than cooking up a specialized black box.
>>> Even when that's unlikely, its mere possibility will be a useful
>>> deterrent against intentional tricks. With hardware devices, public
>>> analysis and review is much more difficult.
>
>Hardware devices also provide stronger protections against compromise.
>It's a two-edged sword.
I know, but when it comes to cryptography I trust air and sunshine more than
obscurity.
That said, it may still be possible to get the best of both worlds - open
design of tamper-proof devices. For example, I'd like to see a loadable
smartcard with a well-documented design, sporting a few built-in devices
such as a modular multiplier and a hardware-based RNG. Then, the firmware
comprising the crypto algorithms could be separately developed and subjected
to public review; this would also ease export-control problems, as RNGs and
multipliers are not, per se, cryptographic equipment.
Enzo
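The hardware/firmware split Enzo sketches in the last paragraph (silicon that offers only a modular multiplier and a hardware RNG, with the actual cryptographic algorithm living in separately reviewable firmware) can be illustrated in code. The following is an added example written for this page, not code from the original thread or from any card vendor: a hypothetical `HardwarePrimitives` class stands in for the two built-in devices, and a Diffie-Hellman exchange is built in "firmware" using nothing but those primitives. The modulus and generator used in the test are constructed sample parameters, not values from the post.

```python
"""Illustration of an open-design smartcard split: hardware exposes only a
modular multiplier and a random source; the reviewable firmware builds the
key-agreement logic (Diffie-Hellman) entirely on top of them.  Example code
added for this page; all names below are hypothetical."""
import secrets


class HardwarePrimitives:
    """Stand-in for the built-in devices named in the post: a modular
    multiplier and a hardware RNG.  Neither is a cipher on its own."""

    def __init__(self, modulus: int) -> None:
        if modulus < 2:
            raise ValueError("modulus must be >= 2")
        self.modulus = modulus

    def mulmod(self, a: int, b: int) -> int:
        # The only arithmetic the "silicon" offers: (a * b) mod n.
        return (a * b) % self.modulus

    def random_below(self, upper: int) -> int:
        # Hardware RNG; secrets.randbelow stands in for it here.
        return secrets.randbelow(upper)


def modexp(hw: HardwarePrimitives, base: int, exponent: int) -> int:
    """Firmware routine: right-to-left square-and-multiply built solely from
    hw.mulmod, so every line of the exponentiation logic is open to review."""
    if exponent < 0:
        raise ValueError("exponent must be non-negative")
    result = 1 % hw.modulus
    b = base % hw.modulus
    e = exponent
    while e:
        if e & 1:
            result = hw.mulmod(result, b)
        b = hw.mulmod(b, b)
        e >>= 1
    return result


def dh_keypair(hw: HardwarePrimitives, generator: int) -> tuple[int, int]:
    """Firmware: draw a private exponent in 1..p-2 from the hardware RNG and
    derive the public value g^x mod p with the reviewable modexp above."""
    private = hw.random_below(hw.modulus - 2) + 1
    public = modexp(hw, generator, private)
    return private, public


def dh_shared(hw: HardwarePrimitives, peer_public: int, private: int) -> int:
    """Firmware: reject degenerate peer values (0, 1, p-1 and out-of-range)
    before deriving the shared secret, a check that must be visible in
    reviewable code rather than hidden inside an opaque device."""
    if peer_public <= 1 or peer_public >= hw.modulus - 1:
        raise ValueError("peer public value out of range")
    return modexp(hw, peer_public, private)


def agreement_succeeds(modulus: int, generator: int) -> bool:
    """Run one full exchange on a card built from the primitives and report
    whether both parties derive the same shared secret."""
    hw = HardwarePrimitives(modulus)
    a_priv, a_pub = dh_keypair(hw, generator)
    b_priv, b_pub = dh_keypair(hw, generator)
    return dh_shared(hw, b_pub, a_priv) == dh_shared(hw, a_pub, b_priv)


if __name__ == "__main__":
    # Constructed sample parameters: the Mersenne prime 2^31 - 1, for which
    # 7 is a primitive root.  Real deployments use standardised large groups.
    print("shared secret agrees:", agreement_succeeds(2147483647, 7))
```

The point the split makes concrete is that `mulmod` and `random_below` contain no algorithm-specific logic at all; everything an auditor would want to read (exponent generation, the square-and-multiply loop, the public-value sanity check) is ordinary firmware that can be published and reviewed independently of the silicon.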